PostgreSQL edge connector
Run RLM analysis against PostgreSQL while the database credential and query results remain in your environment. The mrl process owns the PostgreSQL connection; generated Python receives only a short-lived loopback capability.
Quick start
Create a dedicated database role with only the schemas and tables this analysis may read. Then put its DSN in an environment variable:
export MODELRELAY_POSTGRES_DSN='postgres://rlm_reader:password@db.internal:5432/analytics?sslmode=require'
mrl rlm \
"Compare monthly revenue by plan and explain the largest changes" \
--postgres-dsn-env MODELRELAY_POSTGRES_DSN \
--db-name warehouse
The flag accepts an environment-variable name, not a DSN. This keeps credentials out of shell history and process arguments. Do not commit the variable value to source control.
Inside the RLM program, the source is available as warehouse (or db by default):
schema = warehouse.get_schema()
rows = warehouse.query("SELECT plan, sum(revenue) FROM monthly_revenue GROUP BY plan")
Security boundary
- The DSN and PostgreSQL driver exist only in the trusted local
mrlprocess.mrlremoves the named DSN variable from the Python subprocess environment; it is not sent to ModelRelay cloud or included in the runner request. - ModelRelay cloud receives the SQL string and selected SQL policy for validation. It does not receive database rows.
- The broker executes only the validator’s normalized SQL in a read-only transaction.
- Local hard caps apply even if a policy is looser: 1,000 rows, a 1 MiB encoded response, and a 5-second query timeout. Queries that exceed a local cap fail closed instead of returning a silent partial result.
- Use a dedicated least-privilege PostgreSQL role. Read-only transactions and SQL validation are defense in depth, not a substitute for database permissions.
Generated Python runs locally as your OS user. The PostgreSQL broker prevents it from receiving raw database credentials or driver access, but local RLM is not a general-purpose sandbox for unrelated files and services available to that user.
SQL policies
Pass --sql-profile to select a configured ModelRelay SQL policy:
mrl rlm "Find unusual refunds and explain the pattern" \
--postgres-dsn-env MODELRELAY_POSTGRES_DSN \
--sql-profile "$MODELRELAY_SQL_PROFILE_ID"
Without a profile, mrl applies a permissive SELECT-only PostgreSQL policy with conservative limits. A profile can further restrict tables, columns, joins, aggregations, ordering, and limits; it cannot relax the connector’s local hard caps.
Current scope
The connector is available for local mrl rlm. Hosted /rlm/execute does not accept a PostgreSQL DSN. For hosted data access, use the wrapper_v1 contract or deploy ModelRelay inside your controlled environment.